Wednesday, January 21, 2015

The 21st, Wednesday, Senshō

+ Oracle Critical Patch Update Advisory - January 2015
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

+ RHSA-2015:0068 Important: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0068.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ RHSA-2015:0066 Moderate: openssl security update
https://rhn.redhat.com/errata/RHSA-2015-0066.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206

+ RHSA-2015:0069 Important: java-1.8.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0069.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0437

+ RHSA-2015:0067 Critical: java-1.7.0-openjdk security update
https://rhn.redhat.com/errata/RHSA-2015-0067.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412

+ RHSA-2015:0066 Moderate: openssl security update
https://access.redhat.com/errata/RHSA-2015:0066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206

+ patch 2.7.2 released
http://ftp.gnu.org/gnu/patch/?C=M;O=D

+ Multiple vulnerabilities in NTP
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ntp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9296

+ Java SE 8u31, 7u75/76 Released
http://www.oracle.com/technetwork/java/javase/8u-relnotes-2225394.html
http://www.oracle.com/technetwork/java/javase/7u-relnotes-515228.html

+ MySQL Multiple Bugs Let Remote Users Partially Access and Modify Data and Partially Deny Service
http://www.securitytracker.com/id/1031581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432

+ Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
http://www.securitytracker.com/id/1031580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0437

+ Oracle Database Multiple Flaws Let Remote Authenticated Users Access Data, Partially Modify Data, Gain Elevated Privileges, and Deny Service
http://www.securitytracker.com/id/1031572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6541
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0373

+ Oracle WebLogic Bugs Let Remote Users Partially Access Data, Partially Modify Data, and Partially Deny Service
http://www.securitytracker.com/id/1031571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6569

+ Oracle Fusion Middleware Bugs Let Remote Users Gain Elevated Privileges and Partially Access and Modify Data and Let Local and Remote Users Partially Deny Service
http://www.securitytracker.com/id/1031568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6526
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6548
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6580
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0434

+ LOCAL: OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape
http://www.exploit-db.com/exploits/35847

+ LOCAL: OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
http://www.exploit-db.com/exploits/35848

+ DoS/PoC: OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference
http://www.exploit-db.com/exploits/35849

+ SA62270 PolarSSL "asn1_get_sequence_of()" Memory Corruption Vulnerability
http://secunia.com/advisories/62270/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1182

+ OS X networkd "effective_audit_token" XPC Type Confusion Sandbox Escape
http://cxsecurity.com/issue/WLB-2015010111

+ OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
http://cxsecurity.com/issue/WLB-2015010112

[CSIRT Memo]
Vulnerability information worth checking <2015.01.21>
http://itpro.nikkeibp.co.jp/atcl/column/14/268561/011900039/?ST=security

[Prescriptions for Dangerous Email]
(3) Cleaning up the advertising email flooding your mailbox
http://itpro.nikkeibp.co.jp/atcl/column/15/011300007/011300003/?ST=security

News & Trend
Microsoft abruptly ends advance patch notification; companies should review their patch deployment processes
http://itpro.nikkeibp.co.jp/atcl/column/14/346926/011900148/?ST=security

Reporter's Eye
A reporter took part in an anti-hacking exercise, and was crushed
http://itpro.nikkeibp.co.jp/atcl/watcher/14/334361/011500161/?ST=security

Tokyo Metropolitan University left the personal information of 50,000 people viewable; 1,027 accesses confirmed
http://itpro.nikkeibp.co.jp/atcl/news/15/012000238/?ST=security

US authorities have been infiltrating North Korean networks since five years ago, US media report
http://itpro.nikkeibp.co.jp/atcl/news/15/012000215/?ST=security

UPDATE: JVNVU#99458129 Privilege Attribute Certificate (PAC) signature verification flaw in the Microsoft Windows Kerberos Key Distribution Center (KDC)
http://jvn.jp/vu/JVNVU99458129/

JVNVU#96617862 Vulnerability in the Microsoft Windows OLE library allowing arbitrary code execution
http://jvn.jp/vu/JVNVU96617862/

REMOTE: Bsplayer 2.68 - HTTP Response Buffer Overflow
http://www.exploit-db.com/exploits/35841

REMOTE: ManageEngine Multiple Products Authenticated File Upload
http://www.exploit-db.com/exploits/35845

REMOTE: Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
http://www.exploit-db.com/exploits/35822

DoS/PoC: MalwareBytes Anti-Exploit 1.03.1.1220, 1.04.1.1012 Out-of-bounds Read DoS
http://www.exploit-db.com/exploits/35842
